Only two of the five largest councils in England have the ability to track and report incidents in real-time.
According to Freedom of Information Act (FoIA) requests issued by LogLogic, two of the five kept their log data for just up to three months, another for three-to-six months and the remaining two kept the logs for more than six months. The recommendation for Government Connect Secure Extranet (GCSx) compliance is to keep logs for more than six months.
To gain access to the GCSx, local government authorities have to comply with the Code of Connection (CoCo) and also Good Practice Guide 13 (GPG13), which mandates specific security and network controls for protective monitoring in order to prevent data leakage.
Of the questions related to data management, several of the Scottish and Northern Irish councils refused to answer them on the grounds of national security. All five of the largest councils in Wales were GCSx compliant, while four out of the five had implemented log management to assist with tracking and audit management, and the same amount could track and report in logs in real-time. The remaining council did not answer the question in either case.
In England, three of the five largest councils were fully GCSx compliant and the other two were still at the implementation stage. Three councils had implemented log management solutions to help achieve compliance, and all five carried out annual compliance audits.
LogLogic vice president, Bill Roth, said: “Managing IT data, from collection to storage and being able to report on it in real-time is key to addressing the cornerstones of GCSx. Overall I think the English and Welsh authorities have fared pretty well, but they were let down (the English authorities particularly) on being able to track and record in real-time.
“Storing logs for the recommended six months plus time period is also critical for compliance and a surprising number fell short of that measure. I was also surprised that funding seemed so random, some authorities receiving extra help and others none. We also had a comment from one authority saying that although funding had been provided for GCSx 4.1, they had received no help for version 4.2 and onwards.”